package moderation import ( "net/http" "net/http/httptest" "strings" "testing" "github.com/gin-gonic/gin" "github.com/google/uuid" ) func TestGetModerationQueue_NoAuth(t *testing.T) { gin.SetMode(gin.TestMode) handler := NewModerationHandler(nil, nil) w := httptest.NewRecorder() c, _ := gin.CreateTestContext(w) c.Request = httptest.NewRequest(http.MethodGet, "/admin/moderation/queue", nil) // No user_id in context — should fail with auth error // GetModerationQueue doesn't check auth itself (middleware does), so it proceeds // But ProcessReport requires moderator ID handler.ProcessReport(c) if w.Code != http.StatusUnauthorized { t.Errorf("expected 401, got %d", w.Code) } } func TestProcessReport_InvalidID(t *testing.T) { gin.SetMode(gin.TestMode) handler := NewModerationHandler(nil, nil) w := httptest.NewRecorder() c, _ := gin.CreateTestContext(w) c.Request = httptest.NewRequest(http.MethodPost, "/admin/moderation/reports/invalid/process", strings.NewReader(`{"action":"approve"}`)) c.Request.Header.Set("Content-Type", "application/json") c.Params = gin.Params{{Key: "id", Value: "not-a-uuid"}} // Set user_id in context c.Set("user_id", mustParseTestUUID()) handler.ProcessReport(c) if w.Code != http.StatusBadRequest { t.Errorf("expected 400, got %d", w.Code) } } func TestProcessReport_InvalidAction(t *testing.T) { gin.SetMode(gin.TestMode) handler := NewModerationHandler(nil, nil) w := httptest.NewRecorder() c, _ := gin.CreateTestContext(w) c.Request = httptest.NewRequest(http.MethodPost, "/admin/moderation/reports/123/process", strings.NewReader(`{"action":"invalid_action"}`)) c.Request.Header.Set("Content-Type", "application/json") c.Params = gin.Params{{Key: "id", Value: "00000000-0000-0000-0000-000000000001"}} c.Set("user_id", mustParseTestUUID()) handler.ProcessReport(c) if w.Code != http.StatusBadRequest { t.Errorf("expected 400, got %d", w.Code) } } func TestCreateEnhancedReport_NoAuth(t *testing.T) { gin.SetMode(gin.TestMode) handler := NewModerationHandler(nil, nil) w := httptest.NewRecorder() c, _ := gin.CreateTestContext(w) c.Request = httptest.NewRequest(http.MethodPost, "/reports", strings.NewReader(`{"content_type":"track","category":"spam","reason":"test"}`)) c.Request.Header.Set("Content-Type", "application/json") handler.CreateEnhancedReport(c) if w.Code != http.StatusUnauthorized { t.Errorf("expected 401, got %d", w.Code) } } func TestCreateEnhancedReport_InvalidBody(t *testing.T) { gin.SetMode(gin.TestMode) handler := NewModerationHandler(nil, nil) w := httptest.NewRecorder() c, _ := gin.CreateTestContext(w) c.Request = httptest.NewRequest(http.MethodPost, "/reports", strings.NewReader(`{}`)) c.Request.Header.Set("Content-Type", "application/json") c.Set("user_id", mustParseTestUUID()) handler.CreateEnhancedReport(c) if w.Code != http.StatusBadRequest { t.Errorf("expected 400, got %d", w.Code) } } func TestAppealStrike_InvalidID(t *testing.T) { gin.SetMode(gin.TestMode) handler := NewModerationHandler(nil, nil) w := httptest.NewRecorder() c, _ := gin.CreateTestContext(w) c.Request = httptest.NewRequest(http.MethodPost, "/strikes/invalid/appeal", strings.NewReader(`{"appeal_text":"I disagree"}`)) c.Request.Header.Set("Content-Type", "application/json") c.Params = gin.Params{{Key: "strikeId", Value: "not-a-uuid"}} c.Set("user_id", mustParseTestUUID()) handler.AppealStrike(c) if w.Code != http.StatusBadRequest { t.Errorf("expected 400, got %d", w.Code) } } func TestReviewFingerprint_InvalidTrackID(t *testing.T) { gin.SetMode(gin.TestMode) handler := NewModerationHandler(nil, nil) w := httptest.NewRecorder() c, _ := gin.CreateTestContext(w) c.Request = httptest.NewRequest(http.MethodPost, "/admin/moderation/fingerprints/invalid/review", strings.NewReader(`{"status":"clean"}`)) c.Request.Header.Set("Content-Type", "application/json") c.Params = gin.Params{{Key: "trackId", Value: "not-a-uuid"}} c.Set("user_id", mustParseTestUUID()) handler.ReviewFingerprint(c) if w.Code != http.StatusBadRequest { t.Errorf("expected 400, got %d", w.Code) } } func mustParseTestUUID() uuid.UUID { return uuid.MustParse("00000000-0000-0000-0000-000000000001") }